package cn.itcast.shiro.controller;

import cn.itcast.shiro.domain.User;
import cn.itcast.shiro.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;
import java.util.Enumeration;

@RestController
public class UserController {

    @Autowired
    private UserService userService;

    //添加
    @RequestMapping(value = "/user",method = RequestMethod.POST)
    public String add() {
        return "添加用户成功";
    }
	
    //查询  需要权限
    @RequestMapping(value = "/user",method = RequestMethod.GET)
    @RequiresPermissions(value = "user-find")
    public String find() {
        return "查询用户成功";
    }

    //查询  需要权限
    @RequestMapping(value = "/user/find",method = RequestMethod.GET)
    public String findx() {
        return "findx 查询用户成功";
    }
	
    //更新
    @RequestMapping(value = "/user/{id}",method = RequestMethod.GET)
    public String update(String id) {
        return "更新用户成功";
    }
	
    //删除  需要角色
    @RequestMapping(value = "/user/{id}",method = RequestMethod.DELETE)
    @RequiresRoles(value = "系统管理员")
    public String delete() {
        return "删除用户成功";
    }

    //http://localhost:8085/login?username=zhangsan&password=123456
	//用户登录
	@RequestMapping(value="/login")
    public String login(String username,String password) {
        try{
            //密码加密，当然数据库中的密码也要是密文
            /**
             * 密码加密：
             *     shiro提供的md5加密
             *     Md5Hash:
             *      参数一：加密的内容
             *              111111   --- abcd
             *      参数二：盐（加密的混淆字符串）（用户登录的用户名）
             *              111111+混淆字符串
             *      参数三：加密次数
             *
             */
            password = new Md5Hash(password, username, 3).toString();
            System.out.println("password:" + password);
            Subject subject = SecurityUtils.getSubject();
            UsernamePasswordToken passwordToken = new UsernamePasswordToken(username, password);
            subject.login(passwordToken);
            System.out.println("用户登录");

            //获取SeesionId, 下一个请求就将其设置在
            String id = subject.getSession().getId().toString();
            return "登录成功:" + id;
        }catch (Exception e){
            e.printStackTrace();
            System.out.println("用户名或密码错误");
            return "用户名或密码错误";
        }
    }

    //登录成功后，打印所有session内容
    @RequestMapping(value = "/show")
    public String show(HttpSession session){
        // 获取session中所有的键值
        Enumeration<?> enumeration = session.getAttributeNames();
        // 遍历enumeration中的
        while (enumeration.hasMoreElements()) {
            // 获取session键值
            String name = enumeration.nextElement().toString();
            // 根据键值取session中的值
            Object value = session.getAttribute(name);
            // 打印结果
            System.out.println("<B>" + name + "</B>=" + value + "<br>/n");
        }
        return "查看session成功";
    }

    @RequestMapping(value = "/autherror")
    public String autherror(int code){
        return code == 1 ? "未登录" : "未授权";
    }
}
